It works because it's not sent as HTTP Basic when cloning. Fossil sends it in it's own 'Card' format. The password is sent hashed and nonced (though I forget the exact details of the exchange.) Which means it's actually a bit better than Basic authentication.
-B On Tue, Nov 22, 2011 at 11:38 AM, Jeremy Cowgar <jer...@cowgar.com> wrote: > That is interesting that it works for cloning. I was under the impression > that a CGI application could not even retrieve that information. I will look > into the clone code and see how it is retrieved. Thanks for reminding me of > that. > > Jeremy > > From: Stephan Beal > Sent: Tuesday, November 22, 2011 2:32 PM > To: Fossil SCM user's discussion > Subject: Re: [fossil-users] Authentication via URL > On Mon, Nov 21, 2011 at 11:28 PM, Jeremy Cowgar <jer...@cowgar.com> wrote: >> >> http://user:pass/@... does not work. That is just another way of encoding >> for HTTP Basic Authentication which fossil does not support, and cannot >> support w/CGI. > > > Aha - i see now that it works for cloning, but apparently not the HTTP > interface. i wasn't aware of that. > > -- > ----- stephan beal > http://wanderinghorse.net/home/stephan/ > > ________________________________ > _______________________________________________ > fossil-users mailing list > fossil-users@lists.fossil-scm.org > http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users > > _______________________________________________ > fossil-users mailing list > fossil-users@lists.fossil-scm.org > http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users > > _______________________________________________ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
